
Commit 44c46650 authored by Jay Thomas Sullivan's avatar Jay Thomas Sullivan Committed by Jay Sullivan

[ECM] Change default mode of ACCESS_RESTRICTED_SETTINGS

This sets the default mode of the ACCESS_RESTRICTED_SETTINGS op to
MODE_DEFAULT, and removes the now-unnecessary call to set the mode
from InstallPackageHelper.

Also, since app ops essentially stores all default mode values as
null, we'll have to do an upgrade step. For example, the previous
default mode (for this op) was MODE_ALLOWED, which was stored in app
ops as null. But, since we're redefining the default mode from
MODE_ALLOWED to MODE_DEFAULT, we'll have an issue if we take no
further action, because all null values will suddenly mean MODE_DEFAULT
instead of MODE_ALLOWED, which is not desirable: while we do
want to henceforth change the default mode for all newly installed apps,
we also want already-installed app op mode values to retain their
meaning. The solution is to perform a one-time upgrade of all null
values, resetting those values explicitly to MODE_ALLOWED.

Bug: 388960315
Test: manual
Test: EnhancedConfirmationManagerTest
Test: EnhancedConfirmationInCallTest
Test: CtsPackageInstallerCUJInstallationTestCases:android.packageinstaller.criticaluserjourney.cts.InstallationViaSessionTest
Relnote: N/A
Flag: EXEMPT bugfix
Change-Id: I53fbb8b23a404f790f3b0f71bdc2dbdbafac392d
parent 7ba7384e
+1 −1
@@ -3067,7 +3067,7 @@ public class AppOpsManager {
        new AppOpInfo.Builder(OP_ESTABLISH_VPN_MANAGER, OPSTR_ESTABLISH_VPN_MANAGER,
                "ESTABLISH_VPN_MANAGER").setDefaultMode(AppOpsManager.MODE_ALLOWED).build(),
        new AppOpInfo.Builder(OP_ACCESS_RESTRICTED_SETTINGS, OPSTR_ACCESS_RESTRICTED_SETTINGS,
                "ACCESS_RESTRICTED_SETTINGS").setDefaultMode(AppOpsManager.MODE_ALLOWED)
                "ACCESS_RESTRICTED_SETTINGS").setDefaultMode(AppOpsManager.MODE_DEFAULT)
            .setDisableReset(true).setRestrictRead(true).build(),
        new AppOpInfo.Builder(OP_RECEIVE_AMBIENT_TRIGGER_AUDIO, OPSTR_RECEIVE_AMBIENT_TRIGGER_AUDIO,
                "RECEIVE_SOUNDTRIGGER_AUDIO").setDefaultMode(AppOpsManager.MODE_ALLOWED)
+5 −14
@@ -3044,20 +3044,11 @@ final class InstallPackageHelper {

            // Set the OP_ACCESS_RESTRICTED_SETTINGS op, which is used by ECM (see {@link
            // EnhancedConfirmationManager}) as a persistent state denoting whether an app is
            // currently guarded by ECM, not guarded by ECM, or (in Android V+) that this should
            // be decided later.
            if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()
                    && android.security.Flags.extendEcmToAllSettings()) {
                final int appId = request.getAppId();
                // TODO: b/388960315 - Implement a long-term solution to race condition
                mPm.mHandler.postDelayed(() -> {
                    for (int userId : firstUserIds) {
                        // MODE_DEFAULT means that the app's guardedness will be decided lazily
                        setAccessRestrictedSettingsMode(packageName, appId, userId,
                                AppOpsManager.MODE_DEFAULT);
                    }
                }, 1000L);
            } else {
            // currently guarded by ECM, not guarded by ECM or (in Android V+) that this should
            // be decided later. In Android B, the op's default mode was updated to the
            // "should be decided later" case, and so this step is now unnecessary.
            if (!android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()
                    || !android.security.Flags.extendEcmToAllSettings()) {
                // Apply restricted settings on potentially dangerous packages. Needs to happen
                // after appOpsManager is notified of the new package
                if (request.getPackageSource() == PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE
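Review bot: The rewritten comment ends with "this step is now unnecessary" but sits directly above an `if` that still performs a step, so a reader cannot tell which step was dropped or what the flags-on path now relies on. With both flags enabled nothing is written at install time any more, which makes the ECM state of a newly installed package depend entirely on the op's default in AppOpsManager being MODE_DEFAULT. I would state that coupling explicitly, e.g. `// Flags on: nothing to set here; ECM relies on OP_ACCESS_RESTRICTED_SETTINGS defaulting to MODE_DEFAULT.` followed by `// Flags off: legacy path, apply restricted settings below.` The body of the `if` continues past the end of the hunk.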
+1 −1
@@ -431,7 +431,7 @@ private constructor(
    companion object {
        private val LOG_TAG = AccessPolicy::class.java.simpleName

        internal const val VERSION_LATEST = 15
        internal const val VERSION_LATEST = 16

        private const val TAG_ACCESS = "access"
        private const val TAG_DEFAULT_PERMISSION_GRANT = "default-permission-grant"
+16 −0
@@ -61,5 +61,21 @@ class AppIdAppOpUpgrade(private val policy: AppIdAppOpPolicy) {
                }
            }
        }
        if (version <= 15) {
            with(policy) {
                val appOpModes = getAppOpModes(packageState.appId, userId)
                if (
                    appOpModes != null &&
                        AppOpsManager.OPSTR_ACCESS_RESTRICTED_SETTINGS !in appOpModes
                ) {
                    setAppOpMode(
                        packageState.appId,
                        userId,
                        AppOpsManager.OPSTR_ACCESS_RESTRICTED_SETTINGS,
                        AppOpsManager.MODE_ALLOWED,
                    )
                }
            }
        }
    }
}
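Review bot: The `appOpModes != null` guard in the `version <= 15` step skips every app ID / user pair that has no stored mode map, and for those the op stays unset and will now read as MODE_DEFAULT instead of MODE_ALLOWED. The commit message says all previously-null values should be pinned to MODE_ALLOWED, so if `getAppOpModes` returns null for an app that simply has no non-default ops (not visible here, please confirm), those already-installed apps silently change ECM state on upgrade. Either drop the null guard, `if (appOpModes == null || AppOpsManager.OPSTR_ACCESS_RESTRICTED_SETTINGS !in appOpModes)`, or add a comment stating why a null map can safely be left alone. It is also worth confirming that this app-ID-level write is the level that readers of the op consult, since the removed install-time code passed a package name; the enclosing function starts outside the hunk.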